Sun Security Blog
10 Nov 2009
Sun Alert 272489 Security Vulnerability in the OSCAR Protocol Plugin for pidgin(1) may Lead to a Denial of Service (DoS) Condition
Product: Solaris 10, OpenSolaris
A security vulnerability in the OSCAR protocol plugin library, the shared library that adds support for various instant messaging networks to the pidgin(1) Instant Messaging client (previously known as Gaim), may allow remote unprivileged users to cause a Denial of Service (DoS) through an application crash via crafted contact-list data for (1) ICQ and possibly (2) AIM.
This issue is also referenced in the following document: CVE-2009-3615 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3615
State: Workaround
First released: 10-Nov-2009
10 Nov 2009
Sun Alert 271169 Multiple Security Vulnerabilities in the Common Unix Printing System (CUPS) Web Interface in OpenSolaris May Lead to Cross-Site Scripting (XSS) and HTTP Response Splitting Attacks
Product: OpenSolaris
The web interface of the Common Unix Printing System (CUPS) in versions 1.4.1 and earlier is impacted by multiple security vulnerabilities which may lead to Cross-Site Scripting (XSS) and HTTP Response Splitting Attacks. These vulnerabilities could allow an unprivileged local or remote user (depending on the CUPS configuration) to inject malicious client-side scripts or HTML into the CUPS web interface page.
These issues are also described in the following document: CVE-2009-2820 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2820
State: Workaround
First released: 10-Nov-2009
10 Nov 2009
Sun Alert 269788 Security Vulnerability in Solaris libpng(3) May Allow a Remote User to Disclose Potentially Sensitive Information from Applications Linked to libpng(3)
Product: Solaris 8, Solaris 9, Solaris 10, OpenSolaris
Multiple security vulnerabilities in libpng(3), which is shipped with Solaris, may allow a local or remote unprivileged user to disclose potentially sensitive information associated with applications linked to libpng(3), when a user has loaded a specially crafted Portable Network Graphics (PNG) format image file (.png) supplied by an untrusted user.
These issues are also described in the following document: CVE-2009-2042 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
State: Workaround
First released: 14-Oct-2009
10 Nov 2009
Sun Alert 266488 Security Vulnerability in Solaris TCP sockets May Allow Unprivileged Users to Cause a Denial of Service (DoS) Condition
Product: OpenSolaris
A security vulnerability in Solaris TCP sockets may allow local unprivileged users to leak kernel memory, thereby causing a Denial of Service (DoS) condition.
State: Resolved
First released: 10-Nov-2009